WordPress Hide Categories Or Products On Shop Page plugin <= 1.0.7 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Hide Categories Or Products On Shop Page versions = 1.0.7...

CVE-2025-12128 Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...

CVE-2025-12128

CVE-2025-12128 concerns the WordPress plugin “Hide Categories Or Products On Shop Page” and affects versions up to and including 1.0.7. The issue is Cross-Site Request Forgery caused by missing or incorrect nonce validation in the save_data_hcps() function. This enables unauthenticated attackers ...

WordPress plugin Hide Categories Or Products On Shop Page 跨站请求伪造漏洞

...

EUVD-2020-14574

Malware in sbrugna...

EUVD-2021-11723

Malware in sbrugna...

EUVD-2025-24735

Malicious code in bioql PyPI...

CVE-2025-28999

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7...

CVE-2025-28999

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7...

CVE-2025-28999 WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7...

CVE-2025-28999 WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7...

PT-2025-33157 · Woocommerce · Woocommerce Shop Page Builder

Name of the Vulnerable Software and Affected Versions: WooCommerce Shop Page Builder versions through 2.27.7 Description: Improper neutralization of input during web page generation allows reflected cross-site scripting XSS. Recommendations: Update WooCommerce Shop Page Builder to a version later...

WordPress plugin WooCommerce Shop Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WooCommerce Shop Page Builder versions = 2.27.7...

CVE-2025-29001

CVE-2025-29001 describes a Missing Authorization vulnerability in the ZoomIt WooCommerce Shop Page Builder (WordPress). Affected versions are 2.27.7 and earlier. Root cause per sources: misconfigured access control/security levels allowing unauthorized access. Base CVSS 3.1 vector indicates Netwo...

CVE-2021-24811

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2020-21806

SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php...

Online-Book-Store-Website Security Vulnerability

Online-Book-Store-Website is an online bookstore website. A security vulnerability exists in Online-Book-Store-Website version 1.0, which is caused by a business logic error in the productprice parameter of the /shop.php file...

CVE-2021-24811

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24811

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...